Origin Protocol had launched Origin Dollar (OUSD) back in late September. Now, however, the yield-generating stablecoin has suffered a devastating hack, draining $7 million in funding from it.
Going To The Press
Matthew Liu stands as the founder of Origin Protocol, and was forced to announce on the 17th of November, 2020, that the stablecoin had been hacked.
In a bid to try and quell the inevitable outrage, however, he highlighted that of the $7 million drained, $1 million of these lost funds were deposited by employees and founders of Origin, including the company itself.
In the original announcement, the team was still unaware of what exploit was used to carry out this theft, but they had a lead regarding a flash-loan transaction. This transaction seems to be the source of the attack, according to the announcement, with the transaction cost being almost 0.54 ETH in total to complete.
In the announcement, Liu stressed the fact that the Origin Protocol team is currently working around the clock to try and find this exploited vulnerability. From there, he promised updates, which went into greater detail about the attack.
It was concluded that the attack was thanks to a reentrancy bug within the Origin Protocol’s smart contracts. While Origin had already made provisions against reentrancy, they didn’t anticipate one of its own supported stablecoins to attack them.
In particular, the attacker leveraged a missing validation check when minting OUSD with multiple stablecoins, doing so to push in fake stablecoins. From there, they transferred this fake stablecoin from the Vault, which exploited the contract, causing a reentrancy attack from there.
OUSD Trading For Less Than 1/5 USD
While Origin has been capable of tracking the funds, thanks to the help of a number of third parties, there is a staggering amount of assets still at large.
Liu was quick to stress that the team isn’t going to vanish into thin air, trying to assuage concerns if this was all some elaborate internal scam.
In the meantime, Liu has urged everyone to stay away from OUSD, and refrain from trading it in the meantime. Alongside this, staking has been put on hold.
As one would imagine, this was no good for the coin, with a single OUSD going for less than $0.15 at the moment on Uniswap.
With any luck, this entire matter can be resolved with a minimal loss of capital to the victims of this attack.